FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Remote-Code-Execution vulnerability in mysql and its variants CVE 2016-6662

Affected packages
mysql57-client < 5.7.15
mysql57-server < 5.7.15

Details

VuXML ID b64a7389-7c27-11e6-8aaa-5404a68ad561
Discovery 2016-09-12
Entry 2016-09-14

LegalHackers' reports:

RCE Bugs discovered in MySQL and its variants like MariaDB. It works by manupulating my.cnf files and using --malloc-lib. The bug seems fixed in MySQL5.7.15 by Oracle

References

CVE Name CVE-2016-6662
URL http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html
URL https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html